How to Create a Strong Password That You’ll Remember

Published July 27, 2012

Image Credit: paul.orear

When it comes to picking a password, what system do you use for creating one that will be difficult to guess, but easy for you to remember?

For many people, the trend is to pick a word they’ll remember, like the name of their child or pet, and then add some easy-to-remember numbers after it, like a birth date. Somewhere along the way, you may have even been taught to substitute numbers for common letters, such as using a 3 in place of an E or a 0 (zero) for O.

While this is good practice in theory, the reality is that adding special characters to your password doesn’t make it any stronger. In fact, passwords like this are still very easy to crack.

The reason for this has to do with entropy, and a complicated math formula used to determine how long it would take for a password like this to be figured out. A seemingly complicated password such as Tr0ub4dor&3 has approximately 28 bits of entropy, which would take approximately 3 days to guess, at 1,000 guesses per second.

It is because of entropy that the way we have been taught to create passwords is all wrong. Using conventional methods we may think that we’re picking a complex password, when in reality we’re just creating something that is easy for computers to figure out, but difficult for humans to remember.

Does this mean we’re doomed to having easy-to-crack passwords? Not necessarily. There is a better way to create a password that is more difficult for a computer to crack, but easier for you to remember.

The better way to create a password is to string four words together which may seem random, but which have some meaning to you. For example, a password created using the words correct, horse, battery, and staple (which would look like correcthorsebatterystaple) could be easy for you to remember, but would be difficult to crack because it contains 44 bits of entropy, which would take 550 years to guess, at 1,000 guesses per second.
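The entropy and guessing-time figures quoted above can be reproduced with a short script. This is an added example, not code from the original article. It assumes each word is picked uniformly at random from a 2,048-word list (11 bits per word, which is what gives 44 bits for four words), and `SAMPLE_WORDS` is a small constructed list used only to show the generator running.

```python
import math
import secrets

GUESSES_PER_SECOND = 1_000  # guessing rate used in the article

# Constructed 16-word sample list (assumption for this example only).
# A real list needs about 2,048 words to reach 11 bits per word.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "window", "garden",
    "pencil", "rocket", "marble", "candle", "forest", "violin",
    "anchor", "button", "ladder", "meadow",
]

def entropy_bits(choices_per_slot):
    """Entropy of a secret built from independent, uniformly random picks."""
    return sum(math.log2(n) for n in choices_per_slot)

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate

def generate_passphrase(words, count=4):
    """Pick `count` words with a CSPRNG; return (passphrase, entropy in bits)."""
    unique = sorted(set(words))  # duplicates would overstate the entropy
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    picks = [secrets.choice(unique) for _ in range(count)]
    return "".join(picks), entropy_bits([len(unique)] * count)

def describe(bits):
    """Human-readable exhaustion time for a given entropy."""
    days = seconds_to_exhaust(bits) / 86_400
    return f"{bits:.0f} bits: {days:,.1f} days ({days / 365.25:,.1f} years)"

if __name__ == "__main__":
    print(describe(28))                          # Tr0ub4dor&3-style password
    print(describe(entropy_bits([2048] * 4)))    # four words, 2,048-word list
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(phrase, "->", describe(bits))          # tiny list, so far weaker
```

The last line shows why the size of the word list matters: four words drawn from only 16 candidates give 16 bits, far below the 44 bits of the four-word example.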

So the next time you are creating a password, take a moment and see if there are four seemingly random words you can remember, and use those to create your password. You’ll not only create something you can easily remember later, but you’ll also create a password that is much more difficult for computers to crack, making for a more secure password in the long run.

Do you have a good trick to creating a good password? Leave us a comment and let us know how you create passwords.